API Flow

“As a Lighting Designer I would like to upload Stamp files to the cloud to be viewed by the rest of the creative team so that the notes I have on a production can be actioned upon with as much knowledge and collaboration as possible.”


  • Authenticate the user.
  • Verify required license.
  • Provide location and credentials for uploading.
  • Store location in database.
  • Provide access to stored files.

There are a few assumptions I’m making here, specifically do I really need to be dealing with a “user” or even verify them. Experience and user research leads me towards the belief that I strongly do. Live events are on the whole kept secret until the day of the first production and as such security will be required so that files uploaded are only uploaded and viewable by the designated team members. Also without any way to check whether a valid license is associated with a user an inifnite amount of files could potentially be uploaded to a server and the bill I would have to pay would be astronomical.

A few things to note with this rough design of the API to upload a file to “Stamp Cloud”:

  • Temporary credentials for uploading to a data store are provided to the user by the web application. The decision for this was informed by Amazons token vending machine article. The reasons for this are:
    1. Malicious users who might obtain these credentials will only have limited amount of time and access.
    2. Updating credentials is easier to implement when distributed through a token vending machine rather than hard coding them into the macOS application. Not only is embeddeding them into the application a security flaw but if the credentials are needed to be changed or “rotated”, which is considered best practise, a new version of the application would need to be distributed.
  • Uploading of files is completely by-passing the web application. There are situations where a web application uploads directly to a data store but in these instances file sizes are typically quite small. In this context a Stamp file and associated media files are roughly 20-30GB. I will need to provide a way for files to be uploaded as fast as possible as typically productions finish around 10pm with shifts ending shortly after. The idea would be that a file and assocaited media is uploaded straight after a production to be viewed by the creative team early the next day. To make the process quick I intend to by-pass the web application and directly upload to the data store as well as attempt to implement multipart uploading.


  • Will video at that size need to be streamed into the browser?
  • What will happen to the Stamp file? Does it need to be parsed into a database to provide analytics?